Professional Documents
Culture Documents
Internal Audit Charter 20220524
Internal Audit Charter 20220524
nbn co limited (nbn) has established an Internal Audit function as a key component of its governance
framework.
This Charter provides the framework for nbn’s Internal Audit function and has been endorsed by the
Audit and Risk Committee at its meeting held 5 May 2022 and approved by the Board at the Board
meeting held on 24 May 2022.
AUTHORITY
Internal Audit is authorised to have full, free and unrestricted access to all functions, premises, assets,
personnel, records, and other documentation and information, within the law, that it considers
necessary to enable it to meet its responsibilities.
All records, documentation and information accessed in the course of undertaking internal audit
activities are to be used solely for the conduct of these activities. Internal Audit staff are responsible
and accountable for maintaining the confidentiality of the information they receive during the course
of their work.
Internal Audit will have free and unrestricted access to the Board of Directors and the Audit and Risk
Committee.
OBJECTIVITY
Internal Audit must be able to perform its duties in an objective manner and provide impartial advice
to management and the Audit and Risk Committee. As such, Internal Audit has no direct authority or
responsibility for the activities it reviews.
Internal Audit personnel will not assume responsibility for the design, installation, operation or control
of any procedures within the organisation, with the exception of the Internal Audit function and those
non-audit activities noted below.
The primary responsibility for managing risk, internal control and compliance with legislation,
regulations and ethics rests with management.
It is the responsibility of Internal Audit to communicate to the Chief Financial Officer (CFO) and Audit
and Risk Committee any perceived or potential conflicts of interest that may compromise the
objectivity of Internal Audit.
Refer to the “Internal Audit Co-Sourced Provider Independence and Conflict Protocols” (approved by
the Audit and Risk Committee on 5 May 2022).
1 nbn’s “Enterprise Assurance Framework” is the organisation’s formal approach to integrate risk and assurance.
The primary responsibility for managing risk, applicable internal controls and compliance with relevant
legislation, regulations and ethics rests with nbn’s CFO and Chief Executive Officer. It is the
responsibility of all employees, contractors and third parties to promote and enhance fraud and
corruption control within nbn, and Senior Management are required to demonstrate an ethical tone
at the top in relation to nbn’s zero tolerance to fraud and corruption.
PLANNING
Internal Audit prepares an Annual Internal Audit Plan. Allocation of Internal Audit resources is based
on the annual plan that takes into account:
• nbn’s strategy and objectives;
• Strategic and Key Operational risks;
• Consultation with Executive Committee members;
• Other assurance coverage over key risks; and
• Requests by management and the Audit and Risk Committee.
An Annual Internal Audit Plan is developed in conjunction with management and senior executives
and is approved by the Audit and Risk Committee. The General Manager Internal Audit and Fraud, or
the Audit and Risk Committee, in conjunction with the CFO, may perform alterations to the Annual
Internal Audit Plan where deemed appropriate to do so. Material alterations to the Annual Internal
Audit Plan are subject to approval by the Audit and Risk Committee.
REPORTING
An Internal Audit report will be issued for every review performed. All reports will be discussed with
management before they are issued. Discussions will include all relevant management for the area
under review. The report of each review will be provided to the Audit and Risk Committee, which
shall be responsible for ensuring the satisfactory outcome of reviews.
The General Manager Internal Audit and Fraud will report to the Audit and Risk Committee on:
• Audits completed, issues identified and their root causes;
• Progress in implementing the strategic business plan and audit work plan; and
• The status of the implementation of agreed Internal Audit recommendations.
Internal Audit will also report to the Audit and Risk Committee at least once annually on overall
perspectives on internal controls, root causes and any systemic issues requiring management
attention at nbn.
Internal Audit will maintain a quality assurance and improvement program that covers all aspects of
the Internal Audit activities. The Internal Audit function's assessment of its performance and
effectiveness through its Quality Assurance and Improvement Program 2 will be reviewed annually by
the Audit and Risk Committee, including compliance with the Institute of Internal Auditors' IPPF.
Internal Audit’s Quality Assurance and Improvement Program (QAIP) provides assurance to the ARC,
Executive Committee (ExCo), and senior management that Internal Audit work is performed in
accordance with the Internal Audit Charter and the Professional Standards. This is also to provide
assurance that Internal Audit work is operating in an effective and efficient manner and is perceived
by key stakeholders as adding value to nbn. Any findings and recommendations from the QAIP will be
followed-up by the General Manager Internal Audit and Fraud to ensure that appropriate action plans
are developed and implemented in a reasonable timeframe.
A qualified, independent assessor or assessment team from outside the organisation will conduct a
full external assessment every three years. The assessment will consist of a broad scope of coverage
including:
• Conformance with the IPPF and Internal Audit’s Charter, policies, procedures, and any
applicable legislative and regulatory requirements;
• Expectations of Internal Audit as expressed by the ARC, ExCo and senior management;
• Integration of the Internal Audit activity into nbn’s governance and assurance processes;
• The mix of knowledge, experience, and disciplines within the audit team; and
• A determination of whether Internal Audit adds value and improves nbn’s operations.
Results of external assessments will be provided to the ARC and CFO at the completion of each three
yearly review. The external assessment report will be accompanied by a written action plan in
response to significant comments and recommendations contained in the report. The last external
assessment was conducted in July 2021 with results tabled at the August 2021 ARC meeting. The next
external assessment is scheduled for 2024.
REVIEW
The Internal Audit Charter will be reviewed annually to ensure it remains consistent with nbn’s
strategy and objectives and the Audit and Risk Committee Charter. The results of this review will be
reported to the Audit and Risk Committee. Any significant changes must be approved by the Audit
and Risk Committee.
PUBLICATION
A copy of this Charter is publicly available on the nbn website :
https://www.nbnco.com.au/corporate-information/about-nbn-co/governance/risk-management
Mark Trajcevski
General Manager Internal Audit and Fraud
Effective as of 24 May 2022
2 As defined in the International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors published 1 January 2017.
Classification nbn-Confidential:INTERNAL-RESTRICTED-ACCESS-ONLY
Status Final
Policy author Mark Trajcevski, General Manager Internal Audit and Fraud
Email marktrajcevski@nbnco.com.au
Approval table
nbn Meeting no. Meeting date Agenda item no.
Board 159 24 May 2022 17.1
Audit and Risk Committee 68 05 May 2022 6.2
Board 149 18 May 2021 12.4
Audit and Risk Committee 63 06 May 2021 6.2
Board 138 19 May 2020 14.2
Audit and Risk Committee 58 07 May 2020 6.2
Board 128 21 May 2019 14.2
Board 117 22 May 2018 17.3
Board 107 23 May 2017 13.1
Board 98 21 June 2016 17.1
Board 86 16 June 2015 14
Board 73 03 June 2014 13
Board 59 11 July 2013 26
Audit and Risk Committee 14 17 May 2012 06a
Audit and Risk Committee 09 19 May 2011 05a
Audit and Risk Committee 04 19 May 2010 07